2014
DOI: 10.1016/j.diin.2013.11.002
|View full text |Cite
|
Sign up to set email alerts
|

Private browsing: A window of forensic opportunity

Abstract: The release of Internet Explorer 10 marks a significant change in how browsing artifacts are stored in the Windows file system, moving away from well-understood Index.dat files to use a high performance database, the Extensible Storage Engine. Researchers have suggested that despite this change there remain forensic opportunities to recover InPrivate browsing records from the new browser. The prospect of recovering such evidence, together with its potential forensic significance, prompts questions including wh… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

1
6
0

Year Published

2016
2016
2023
2023

Publication Types

Select...
5
4
1

Relationship

1
9

Authors

Journals

citations
Cited by 22 publications
(7 citation statements)
references
References 5 publications
1
6
0
Order By: Relevance
“…A problem with the term AF is that it is used to arbitrarily categorize all software and hardware which at any given time thwarts DF investigatory processes, regardless of intention and malice. Whilst there are tools designed specifically with the goal of being AF, this can also be achieved as a by-product of many legitimate privacy enhancing software features, for example private browsing modes which may reduce the presence of Internet browsing history on a system (Said et al, 2011;Marrington et al, 2012;Chivers, 2014). The issues surrounding the defining of AF can be seen in the work of Al Fahdi et al, (2013) who note that 'arguably both encryption and steganography are a form of Anti-forensics'.…”
Section: Anti-forensicsmentioning
confidence: 99%
“…A problem with the term AF is that it is used to arbitrarily categorize all software and hardware which at any given time thwarts DF investigatory processes, regardless of intention and malice. Whilst there are tools designed specifically with the goal of being AF, this can also be achieved as a by-product of many legitimate privacy enhancing software features, for example private browsing modes which may reduce the presence of Internet browsing history on a system (Said et al, 2011;Marrington et al, 2012;Chivers, 2014). The issues surrounding the defining of AF can be seen in the work of Al Fahdi et al, (2013) who note that 'arguably both encryption and steganography are a form of Anti-forensics'.…”
Section: Anti-forensicsmentioning
confidence: 99%
“…UFED physical analyzer which analyzes every segment of a device's memory using advanced logical, file system and physical extractions. Using simple stand-alone method with UFED, an examiner can recover MMS/SMS messages, call logs, photos, video, and contact information [13]. UFED mainly focuses on logical extraction only.…”
Section: Cellebrite Ufed Physical Analysermentioning
confidence: 99%
“…2 Detailed study of how a Windows application uses ESE has a wider benefit for forensic practitioners than the application itself, since an understanding of how ESE is used provides valuable insights into other applications that use the database, and continuity between applications often means that study of an application provides a good basis for understanding its successor. For example, the study of how Internet Explorer 10 used ESE (Chivers, 2014) applies equally to the Edge browser, and provides insights into how Windows Apps store Internet data.…”
Section: Introductionmentioning
confidence: 99%